
Cyber Incident Victim: IPCA Laboratories

Date: Sep 2022

Location: India

Summary

A major Indian pharmaceutical company suffered a cyberattack by the extortion group RansomHouse, which claimed theft of 500 gigabytes of sensitive data including employee records, medical research materials, and internal audit reports. The attackers published portions of the stolen data on their dark web leak site, and cybersecurity experts indicated potential ongoing ransom negotiations. The victim, a global manufacturer with regulatory approvals from multiple international bodies, did not respond to requests for comment. RansomHouse operates as a professional mediation front while engaging in data extortion, having previously targeted other large corporations. The incident highlights broader cybersecurity vulnerabilities in India's healthcare sector, where many organizations reportedly lack fundamental protective measures.


Description

On September 14, 2022, Indian pharmaceutical manufacturer IPCA Laboratories was publicly implicated in a cyberattack by the extortion group RansomHouse, which claimed to have exfiltrated 500 gigabytes of data from the company’s systems. The group published samples of stolen data on its dark web leak site, including employee records, internal audit reports, and sensitive medical research materials. Cybersecurity firm Technisanct’s CEO Nandakishore Harikumar confirmed RansomHouse’s involvement, indicating active ransom negotiations at the time of reporting. IPCA, a Mumbai-based company with international regulatory approvals and operations in over 120 countries, did not respond to multiple inquiries from TechCrunch seeking confirmation or details about the incident. Attempts to contact compliance officer Harish P. Kamath and CIO Ashok Nayak via email and LinkedIn went unanswered, though Nayak viewed the messages.

The breach exposed data pertaining to current and former employees alongside corporate documents, though the full scope of compromised systems remained unverified. RansomHouse, active since December 2021, positions itself as a “professional mediators community” but engages in data extortion tactics similar to ransomware groups, with prior victims including AMD and Shoprite. No specific ransom demand or payment details were disclosed. The incident occurred amid heightened vulnerabilities in India’s healthcare sector, which ranked second globally in 2021 for recorded cyberattacks according to CloudSEK. Harikumar noted systemic deficiencies in Indian pharmaceutical cybersecurity preparedness, emphasizing reliance on government guidance rather than proactive measures like bug bounty programs or tailored defense strategies. IPCA’s operational impacts and remediation efforts were not formally addressed by the company as of the report’s publication.
